solution Contentsolution Content

HP DesignJet, OfficeJet, LaserJet, PageWide, Photosmart Printers, Execution of Arbitrary Code or Denial of Service

Integer overflow in SOAP (Simple Object Access Protocol) function in Genivia gSOAP allows execution of arbitrary code or denial of service, also known as Devil’s Ivy attack.

Severity: High
HP Reference: HPSBPI03566 Rev. 3
Release date: 19-Sep-2017
Last updated: 09-Sep-2020
Category: Print
Potential Security Impact: Execution of arbitrary code or Denial of Service

Receive updates on this bulletin

Relevant Common Vulnerabilities and Exposures (CVE) List

Source: HP Product Security Response Team (PSRT)

Reported by Check Point Software.

List of CVE IDs
CVE ID	Base Vector	Base Score
CVE-2017-9765	AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	8.1 High

Learn more about CVSS 3.0 base metrics, which range from 0 to 10.

PSR-2017-0133

Background

For a PGP-signed version of this security bulletin please write to: hp-security-alert@hp.com

References

CVE-2017-9765, PSR-2017-0133

Resolution

HP has provided firmware updates for impacted printers as indicated in the table below. Follow these steps to obtain the updated firmware:

Go to www.hp.com.
Select Support at the top of the page, then click Software & drivers.
Enter the appropriate product name or model number from the table below into the search field.
Click Find.
Scroll down and click Firmware from the category list.
Click the Download button for appropriate firmware.

Affected products

Find the products affected and the firmware version that resolves the vulnerabilities.

LaserJet affected products

Find the products affected and the firmware version that resolves the vulnerabilities.

LaserJet printers
Product Name	Model Number	Firmware Revision
HP Color LaserJet Pro M154	T6B51A, T6B52A	201709 (or later)
HP Color LaserJet Pro M252	B4A21A, B4A22A	201709 (or later)
HP Color LaserJet Pro M254	T6B59A, T6B60A, T6B61A	201709 (or later)
HP Color LaserJet Pro M452	CF388A, CF389A, CF394A	201709 (or later)
HP Color LaserJet Pro MFP M180, M181	T6B70A, T6B71A, T6B74A	201709 (or later)
HP Color LaserJet Pro MFP M277, M274	B3Q10A, B3Q11A, B3Q17A, M6D61A	201709 (or later)
HP Color LaserJet Pro MFP M280, M281	T6B80A, T6B81A, T6B82A, T6B83A	201709 (or later)
HP Color LaserJet Pro MFP M377, M477	CF377A, CF378A, CF379A, M5H23A	201709 (or later)
HP Color LaserJet Pro MFP M476	CF385A, CF386A, CF387A	201709 (or later)
HP LaserJet Pro 400 M401	CF270A, CF274A, CF278A, CF285A, CF399A, CZ195A	201709 (or later)
HP LaserJet Pro 400 MFP M425	CF286A, CF288A	201709 (or later)
HP LaserJet Pro 500 color MFP M570	CZ271A, CZ272A	201709 (or later)
HP LaserJet Pro M102, M104, M106	G3Q34A, G3Q35A, G3Q36A, G3Q37A, G3Q39A	201709 (or later)
HP LaserJet Pro M15, M16, M17	W2G50A, W2G51A, W2G52A, W2G53A, Y5S43A	201708 (or later)
HP LaserJet Pro M201, M202	C6N20A, C6N21A, CF455A, CF456A	201709 (or later)
HP LaserJet Pro M203, M206, M118	4PA39A, G3Q46A, G3Q47A, G3Q48A, G3Q50A	201709 (or later)
HP LaserJet Pro M225, M226	C6N22A, C6N23A, CF484A, CF485A, CF486A	201709 (or later)
HP LaserJet Pro M402, M403	C5F92A, C5F93A, C5F94A, C5F95A, C5F96A, C5J91A, G3V21A, F6J41A, F6J42A, F6J43A, F6J44A	201709 (or later)
HP LaserJet Pro M435	A3E42A	201709 (or later)
HP LaserJet Pro M501	J8H60A, J8H61A	201709 (or later)
HP LaserJet Pro M521	A8P79A, A8P80A	201709 (or later)
HP LaserJet Pro M701, M706	B6S00A, B6S01A, B6S02A	201709 (or later)
HP LaserJet Pro MFP M130, M132, M134	G3Q57A, G3Q58A, G3Q59A, G3Q60A, G3Q61A, G3Q62A, G3Q63A, G3Q64A, G3Q65A, G3Q66A, G3Q67A, G3Q68A	201709 (or later)
HP LaserJet Pro MFP M29, M31	W2G54A, W2G55A, W2G56A, W2G57A, Y5S53A, Y5S50A, Y5S54A, Y5S55A	201708 (or later)
HP LaserJet Pro MFP M426, M427	C5F97A, C5F98A, C5F99A, F6W13A, F6W14A, F6W15A, F6W16A, F6W17A, F6W18A, F6W19A	201709 (or later)
HP LaserJet Ultra MFP M230	4PA41A, 4PA42A, 4PA44A, G3Q74A, G3Q75A, G3Q76A, G3Q77A, G3Q78A, G3Q79A	201709 (or later)
HP LaserJet Pro MFP M227, M148, M149

PageWide affected products

Find the products affected and the firmware version that resolves the vulnerabilities.

PageWide printers
Product Name	Model Number	Firmware Revision
HP Officejet Pro X451dn Printer	CN459A	1819A(or later)
HP Officejet Pro X451dw Printer	CN463A	1819A (or later)
HP Officejet Pro X476dn Multifunction Printer	CN460A	1819A (or later)
HP Officejet Pro X476dw Multifunction Printer	CN461A	1819A (or later)
HP Officejet Pro X551dw Printer	CV037A	1819A (or later)
HP Officejet Pro X576dw Multifunction Printer	CN598A	1819A (or later)
HP PageWide 352dw Printer	J6U57A, J6U57B	001.1743A (or later)
HP PageWide 377dw Multifunction Printer	J9V80A, J9V80B	001.1743A (or later)
HP PageWide Managed P55250dw Printer series	J6U51B, J6U55A, J6U55B, J6U55C, J6U55D	001.1743A (or later)
HP PageWide Managed P57750dw Multifunction Printer series HP PageWide Managed P52750dw Multifunction Printer	J9V82A, J9V82B, J9V82C, J9V82D, J9V78B	001.1743A (or later)
HP PageWide Managed P75050dn Printer HP PageWide Managed P75050dw Printer	W1B28A, Y3Z45A, Y3Z45B, Y3Z45C, Y3Z45D, W1B29A, Y3Z47A, Y3Z47B, Y3Z47C, Y3Z47D	004.1743A (or later)
HP PageWide Pro 452dn Printer series	D3Q15A, D3Q15B, D3Q15D	001.1743A (or later)
HP PageWide Pro 452dw Printer series	D3Q16A, D3Q16B, D3Q16C, D3Q16D	001.1743A (or later)
HP PageWide Pro 477dn Multifunction Printer series	D3Q19A, D3Q19B, D3Q19D	001.1743A (or later)
HP PageWide Pro 477dw Multifunction Printer series	D3Q20A, D3Q20B, D3Q20C, D3Q20D, W2Z53B	001.1743A (or later)
HP PageWide Pro 552dw Printer series	D3Q17A, D3Q17B, D3Q17C, D3Q17D, 2DR21D, K9Z74A, K9Z74B, K9Z74D	001.1743A (or later)
HP PageWide Pro 577dw Multifunction Printer series	D3Q21A, D3Q21B, D3Q21C, D3Q21D	001.1743A (or later)
HP PageWide Pro 577z Multifunction Printer series	K9Z76A, K9Z76B, K9Z76D	001.1743A (or later)
HP PageWide Pro 750dn Printer	Y3Z44A, Y3Z44B, Y3Z44C, Y3Z44D	004.1743A (or later)
HP PageWide Pro 750dw Printer	A7W93A, Y3Z46A, Y3Z46B, Y3Z46C, Y3Z46D	004.1743A (or later)
HP PageWide Pro 772dn Multifunction Printer	Y3Z54A, Y3Z54B, Y3Z54C, Y3Z54D	004.1743A (or later)
HP PageWide Pro 772dw Multifunction Printer	W1B31A, W1B31B, W1B31C, W1B31D	004.1743A (or later)

AMP, DeskJet, ENVY, OfficeJet, and Photosmart affected products

Find the products affected and the firmware version that resolves the vulnerabilities.

AMP, DeskJet, ENVY, OfficeJet, Photosmart printers
Product Name	Model Number	Firmware Revision
HP AMP Printer	T8X39A, T8X40A, T8X42A, T8X39D, T8X44A, 1SH08A, T8X40D, T8X39B, T8X39C, T8X40B	1750B (or later)
HP Deskjet 2540 All-in-One Printer	K9B57B, K9B59A, K8T38A, K9B56A, D3A81A, A9U22A, A9U22B, A9U19A, K2W35A, A9U27A, A9U28B, D3A80A, J7V18B, D3A78B, D3A79A, D3A82A, J7V17B, J7V19B, K9B54A, E1E94B, K9B55A	1949A (or later)
HP DeskJet 2600 All-in-One Printer	V1N01B, V1N01C, Y5H80A, Y5H68A, Y5H68D, 4UJ28B, V1N07A, Y5H67A, Y5H67D, Y5H69A, Y5H69D, V1N08A, Y5H60A, Y5H61A, Y5H62A, Y5H72D, V1N03B, V1N03C, V1N05B, V1N05C, V1N06B, V1N07B, Y5H63A, Y5H64A, Y5H65A, V1N05A, V1N01A, V1N03A, V1N04A	1738A (or later)
HP DeskJet 3700 All-in-One Printer	J9V86A , J9V86B, J9V93B, J9V94B, J9V95B, J9V96B, J9V97B, T8W54A, T8W92A, T8W56A, T8W57A, T8W58A, T8W59A, T8W93A, T8W94A, T8X00B, T8X01B, T8X04B, T8X05B, T8X06B, T8X07B, T8X10B, T8X12B, T8W51A, T8W52A, J9V90A, J9V91A, J9V92A, T8W83A, T8W95A, T8X19B, T8W96A, T8X23B, T8X27B	1750A (or later
HP DeskJet GT 5820 All-in-One Printer	2ND31A, M2Q28A, P0R21A, X3B09A, 1WW50A, 2ND32A, P0R22A	1750B (or later)
HP DeskJet Ink Advantage 2600 All-in-One Printer	V1N02A, V1N02B, Y5Z00A, Y5Z03B, Y5Z04B, Y5Z02B	1735A (or later)
HP Deskjet Ink Advantage 3525 All-in-One Printer	CX060A, CX061A, CZ275A, CZ275B, CZ275C	1942A (or later)
HP Deskjet Ink Advantage 3540 e-All-in-One Printer	E6G69A, A9T81A, A9T81B, A9T81C, F9A24A, L5T77A, A9T82A, A9T84C, A9T83B	2025A (or later)
HP DeskJet Ink Advantage 3630 All-in-One Printer	F5S44A, F5S44B, F5S44C, K4U06A, K4U07A, K4U08A, F5S45A, F5S53C, K4U05B, F5S46B	1733B (or later)
HP DeskJet Ink Advantage 3830 All-in-One Printer	F5R96A, F5R96B, F5R96C, F5R97A, F5R98B	1804A (or later)
HP Deskjet Ink Advantage 4510 e-All-in-One Printer	A9J41A, A9J41B, A9J41C, A9J42A, A9J43B	1933A (or later)
HP DeskJet Ink Advantage 4530 All-in-One Printer	E6G68A, F0V64A, F0V64B, F0V64C, F0V65A, F0V66B	1750B (or later)
HP DeskJet Ink Advantage 4670 All-in-One Printer	F1H97A, F1H97B, F1H97C, F1H98A, F1H99B	1750B (or later)
HP Deskjet Ink Advantage 5520 All-in-One Printer	CX051A, CZ282A, CZ282B, CZ282C, E1P48A	1942A (or later)
HP DeskJet Ink Advantage 5570 All-in-One Printer	G0V48B, G0V48C	1741A (or later)
HP DeskJet Ink Advantage 5645 All-in-One Printer	B9S57C	1821B (or later)
HP DeskJet Ink Advantage Ultra 4720 All-in-One Printer	F5S65A, F5S66A, L8L91A	1733A (or later)
HP DeskJet Ink Advantage Ultra 5730 All-in-One Printer	F5S61A, F5S60A	1733A (or later)
HP Envy 120 e-All-in-One Printer	CZ022A,CZ022B, CZ022C, CZ025A, CZ025C	2002A (or later)
HP Envy 120 e-All-in-One Printer	CZ022A, CZ022B, CZ022C, CZ025A, CZ025C	2002A (or later)
HP ENVY 4500 e-All-in-One Printer	N4E46A, A9T80A, A9T80B, D3P93A, F2K48A, K2M74A, C8D05A, A9T85A, A9T87B, E6G71B, A9T88B, A9T89A, C8D04A, A9T86A, D3P95A, E6G70B, E6G72B, D3P94A, D3P94B	2025A (or later)
HP ENVY 4510 All-in-One Printer	K9H48A, K9H50A, K9H49A, K9H51A, K9H52A, K9H53A	1750B (or later)
HP ENVY 4520 All-in-One Printer	E6G67A, E6G67B, F0V63A, F0V63B, F0V69A, J6U70B, K9T10B, F0V67A, F0V70B, F0V73A, J6U59B, J6U60B, W3U26A, F0V71B, F0V72B, J6U69A, K9T01A, K9T09B, K9T05B, J6U61B, K9T06B, K9T07B, K9T08B	1750B (or later)
HP ENVY 5530 e-All-in-One Printer	A9J40A, A9J40B, A9J49A, A9J47A, K2M73A, A9J45A, A9J48B, A9J46A, D4J85B, A9J44A, K3Z41A, D4J86B, A9J48A	1933A (or later)
HP ENVY 5540 All-in-One Printer	F2E72A, G0V47A, G0V52A, G0V53A, J6U66A, K7C85A, K7G89A, G0V51A, K7C86A, K7C87A, K7C88A, K7G90A, N9U88A, G0V54A, K7C89A, K7C93A, G0V50A, K7G88A, J6U67A, K7C90A, J6U64A, K7G87A, K7G86A	1741A (or later)
HP ENVY 5640, 5660 e-All-in-One Printer	B9S56A, B9S58A, B9S59A, B9S61A, B9S62A, B9S63A, B9S64A, B9S65A, F8B04A, F8B05A, F8B06A, F8B07A, F8B08A, F8B12A, F8B13A, K5L42A, T5R62A	1736A (or later)
HP ENVY 7640 e-All-in-One Printer	E4W43A, E4W43B, E4W47A, E4W45A, E4W46A, E4W44A	1736A (or later)
HP OfficeJet 200 Mobile Printer	CZ993A, L9B95A	1733A (or later)
HP OfficeJet 202 Mobile Printer	N4K99C, N4L14C	1733A (or later)
HP OfficeJet 250 Mobile All-in-One Printer	CZ992A, L9D57A, N4L17A	1802A (or later)
HP OfficeJet 252 Mobile All-in-One Printer	N4L16C, N4L18C	1802A (or later)
HP Officejet 3830 All-in-One Printer	F5R95A, F5R95B, F5R95C, K7V40A, K7V36A, K7V45B, F5R99A, F5S01B, F5S03B, K7V37A, F5S02B, K7V44B	1804A (or later)
HP Officejet 4630 e-All-in-One Printer	B4L03A, B4L03B, B4L03C, D4J76A, E6G81A, E6G81B, B4L07A, B4L05A, B4L06B, E6G85B, D4J74A, D4J78B, B4L04A,E6G86B, D4J75A, D4J77B	2025A (or later)
HP OfficeJet 4650 All-in-One Printer	E6G87A, F1H96A, F1H96B, F1J03A, F1J04A, F9D37A, K9V77A, K9V85B, K9V83B, F1J02A, F1J05B, K9V84B, F1J06B, F1J07B, K9V76A, F1J00A, K9V79A, K9V82B, K9V81B, V6D27B, V6D29B, V6D28B, V6D30B	1750B (or later)
HP Officejet 5740 e-All-in-One Printer	B9S76A, B9S78A, B9S79A, B9S83A, B9S81A, B9S84A, F8B11A, F8B10A, B9S82A, B9S85A, B9S80A, F8B09A, T1P36A	1736A (or later)
HP Officejet Pro 6230 ePrinter	E3E03A	1741A (or later)
HP OfficeJet 7510 Wide Format All-in-One Printer	G3J47A, K1Z44A	1940A (or later)
HP OfficeJet 7610 Wide Format e-All-in-One Printer	CR769A	2028B (or later)
HP Officejet 7612 Wide Format e-All-in-One Printer	G1X85A	1943A (or later)
HP Officejet Pro 251dw Printer	J5W83A, CV136A	2031A (or later)
HP Officejet Pro 276dw Multifunction Printer	J5W40A, CR770A	2030D (or later)
HP Officejet Pro 6830 Printer	L3L04A, T6T84A, E3E02A, M0F56A, E3E02AR, J2D37A	1739A (or later)
HP OfficeJet Pro 7720, 7730 Printer	G5J56A, , L3T99A, Y0S18A, Y0S19A	1733A (or later)
HP OfficeJet Pro 7740 Printer	G5J38A, T1P99A	1821B (or later)
HP OfficeJet Pro 8210, 8216 Printer	D9L63A, D9L64A, J3P65A, J3P66A, J3P67A, T0G70A, J3P68A	1803A (or later)
HP Officejet Pro 8610 e-All-in-One Printer	T0K98A, E1D34A, D7Z36A, J5T77A, A7F64A	1733A (or later)
HP Officejet Pro 8620 e-All-in-One Printer	A7F65A, K1Y99A, D7Z37A, CM750A	1733A (or later)
HP Officejet Pro 8630 e-All-in-One Printer	A7F65A, A7F66A, K1Y99A, D7Z37A, CN577A	1733A (or later)
HP Officejet Pro 8640 e-All-in-One Printer	K7U92A, E2D42A	1733B (or later)
HP Officejet Pro 8650 e-All-in-One Printer	E1D36A	1733B (or later)
HP OfficeJet Pro 8710 Printer	D9L18A, M9L66A, M9L67A, T0G46A, J6X76A, J6X78A, J6X80A, K7S37A, M9L70A, J6X77A, J6X81A, J6X79A, K7S38A, T0G47A, T0G48A, T0G49A, M9L65A	1803A (or later)
HP OfficeJet Pro 8720 Printer	D9L19A, M9L74A, M9L75A, M9L76A, J7A28A, J7A31A, K7S34A, K7S35A, M9L80A, J7A29A, K7S36A, T0G54A	1803A (or later)
HP Officejet Pro 8730, 8740 Printer	D9L20A, D9L21A, K7S42A, T0G65A, K7S39A, J6X83A, K7S43A, K7S40A, K7S41A	1803A (or later)
HP Photosmart 3525 e-All-in-One Printer	CX052A, CX052B, CX052C, CX053C, CX056A, CX056AR, F6H93A, CX058A, E3P97A, CX055B, CX057A, CX054B, CX059A	1942A (or later)
HP Photosmart 5520 e-All-in-One Printer	C7G19A, CX042A, CX042B, CX045C, CX046C, K8G35A, CX049C, CX044A, CX048B, CX047B, CX043A. CX043B	1942A (or later)
HP Photosmart 6520 e-All-in-One Printer	CX017A, CX017B, CX020C, CX021C, CX018A, CX018B	2024A (or later)
HP Photosmart 7520 e-All-in-One Printer	CZ045A, CZ045B, J6W59A, CZ046A	1948A (or later)

DesignJet affected products

HP has provided firmware updates for impacted printers as indicated in the tables below.

DesignJet printers
Product Name	Model Number	Firmware Revision
HP DesignJet T830 24-in Multifunction Printer	F9A28A, F9A28B, F9A28D, F9A28E	1913C (or later)
HP DesignJet T100 24-in Printer HP DesignJet T125 24-in Printer HP DesignJet T130 24-in Printer HP DesignJet T525 24-in Printer HP DesignJet T530 24-in Printer HP DesignJet T530 24-in Printer HP DesignJet T525 36-in Printer HP DesignJet T530 36-in Printer HP DesignJet T530 36-in Printer	5ZY56A, 5ZY57A, 5ZY58A, 5ZY59A, 5ZY60A, 5ZY60B, 5ZY61A, 5ZY62A, 5ZY62B	1910A (or later)
HP DesignJet T520 24-in ePrinter HP DesignJet T120 24-in ePrinter HP DesignJet T520 36-in ePrinter	CQ890A, CQ891A, CQ893A	1907A (or later)(Rev A)
HP DesignJet T520 36-in ePrinter HP DesignJet T520 36-in Printer HP DesignJet T520 36-in Printer (2018 edition) HP DesignJet T520 36-in Printer (2018 edition, legless)	CQ890B, CQ890C, CQ890D, CQ891B, CQ891C, CQ893B, CQ893C, CQ893E	1911B (or later)(Rev B/C)
HP DesignJet T730 36-in Printer HP DesignJet T730 with Rugged Case HP DesignJet T830 36-in Multifunction Printer HP DesignJet T830 MFP with armor case HP DesignJet T830 MFP with Rugged Case	F9A29A, F9A29B, F9A29D, F9A29E, F9A30A, F9A30B, F9A30C, F9A30D, F9A30E	1913C (or later)

Revision history

This document has been revised according to the information below.

List of versions
Version	Description	Date
3	Updated product list	9-Sep-2020
2	Updated product list	24-Aug-2020
1	Initial Release	19-Sep-2017

Additional information

Follow these links for additional information.

Third-party security patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, visit http://www.hp.com/go/contacthp to learn about your HP support options.
Report: To report a potential security vulnerability with any HP supported product, send email to: hp-security-alert@hp.com.
Security bulletin archive: To view released Security Bulletins, visit https://support.hp.com/security-bulletins.

It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.

Download HP’s security-alert PGP key

Legal information

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Security Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Security Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.

HP Inc. (HP) shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. "HP Inc.," "HP" and the names of HP products referenced herein are trademarks of HP Inc. or its affiliates in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

Otras opciones de soporte técnico

Pruebe las herramientas y los diagnósticos automatizados

Haga una pregunta en nuestra página de la comunidad de soporte de HP

Póngase en contacto con uno de nuestros agentes de soporte

Ingrese un tema para buscar en nuestra biblioteca de conocimientos

¿Con qué podemos ayudarle?

¿Necesita ayuda?